function Xss::filterAdmin
Applies a very permissive XSS/HTML filter for admin-only use.
Use only for fields where it is impractical to use the whole filter system, but where some (mainly inline) mark-up is desired (so \Drupal\Component\Utility\Html::escape() is not acceptable).
Allows all tags that can be used inside an HTML body, save for scripts and styles.
Parameters
string $string: The string to apply the filter to.
Return value
string The filtered string.
See also
\Drupal\Component\Utility\Xss::getAdminTagList()
26 calls to Xss::filterAdmin()
- AreaTest::testRenderArea in core/
modules/ views/ tests/ src/ Kernel/ Handler/ AreaTest.php - Tests the rendering of an area.
- Boolean::render in core/
modules/ views/ src/ Plugin/ views/ field/ Boolean.php - Renders the field.
- Custom::render in core/
modules/ views/ src/ Plugin/ views/ field/ Custom.php - Renders the field.
- DbLogController::formatMessage in core/
modules/ dblog/ src/ Controller/ DbLogController.php - Formats a database log message.
- DisplayTest::execute in core/
modules/ views/ tests/ modules/ views_test_data/ src/ Plugin/ views/ display/ DisplayTest.php - Executes the view and returns data in the format required.
File
-
core/
lib/ Drupal/ Component/ Utility/ Xss.php, line 201
Class
- Xss
- Provides helper to filter for cross-site scripting.
Namespace
Drupal\Component\UtilityCode
public static function filterAdmin($string) {
return static::filter($string, static::$adminTags);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.